6.9
Thesamur's AutoGPT Authentication Bypass Allows Unauthorized Access
CVE-2025-41023
Summary
A security flaw in Thesamur's AutoGPT lets attackers log in without a password. This allows them to use any part of the web application, even if they shouldn't be able to. Update to the latest version to fix this issue.
Original title
An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker...
Original description
An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of the authorisation method used.
NVD CVSS 4.0
6.9
Vulnerability type
CWE-287
Improper Authentication
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026